Network service chains are sequences of actions or service functions that are applied to packets of traffic as the packets pass through physical and/or virtual network elements. The service functions may be arranged according to pre-defined policies and then deployed using automated processes. A network service header is added to the packets of a data stream and describes a sequence of service nodes that the packet must be routed to prior to reaching the destination address. The network service header may also include metadata information about the packet and/or the service chain.
Network overlays are technologies that may run on top of an Open Systems Interconnection (OSI) model Layer 2 (L2) or Layer 3 (L3) environment. Overlay technologies may include Virtual Extensible Local Area Networks (VxLANs), Generic Routing Encapsulation (GRE) or Virtual Private Network (VPN) Tunnels. Segmentation technologies may be used to isolate and distinguish traffic flows on different layers of the OSI model. Segmentation may include using overlay technologies (e.g., VLAN, VxLAN, GRE, etc.) on L2 and L3, while other segmentation technologies may be used on other OSI model layers. For example, port addresses may be used to provide segmentation on OSI model Layers 4-7. Network overlays and/or segmentation allow networks to be subdivided or segmented into virtual networks such that the physical network elements may be used to implement one or more independent and secure virtual networks. Network overlays and/or segmentation may be implemented by partitioning network devices per physical port, through marking or tagging of packets, and/or encapsulating packets in overlay or segmentation specific headers. When overlay or segmentation specific headers are utilized, packet payloads may be encrypted on a per-overlay/segmentation basis to ensure the security of the different overlays/segmentations sharing the same physical devices.